主机识别对于计算机网络犯罪取证、抵御匿名攻击具有重要意义.为了精确识别网络上的目标主机,首先给出了多维度主机指纹模型的定义和性质并进行了形式化描述,然后针对传统方法在主机指纹获取中存在可靠性及准确性不足的问题,综合主机硬件特征信息、主机软件环境特征信息和主机网络行为特征信息,提出了一种面向高速混杂网络流量的多维度主机指纹模型构建方法.实验结果表明,该模型在高速混杂网络下可以灵活有效提取主机特征信息,使用该模型构建多维度主机指纹模型,主机识别准确率达到93.33%,相比单维度主机指纹识别提高了近8个百分点,具有更高的可靠性和准确率,且不受IP地址变化的影响.%Host identification is very important for computer forensics and anonymous attack resistance. In order to accurately identify the target host on the network, the definition and properties of the multi-dimensional host fingerprint model are given and formalized. Then, in view of the problem of reliability and accuracy of fingerprint acquisition, this paper proposes a multi-dimensional host fingerprint model for high-speed hybrid network traffic, which integrates the hardware characteristic information, host software environment characteristic information and host network behavior characteristic information. The experimental results show that the proposed model can extract data flexibly and efficiently in the high-speed hybrid network, and the multi-dimensional host fingerprint model can effectively identify the host with the accuracy of 93.33% , which has increased by nearly 8 percent compared with the single-dimension host fingerprint identification, and the multi-dimensional host fingerprint model is not affected by IP address changes. In general, the multi-dimensional host fingerprint model has higher reliability and accuracy compared with the single-dimensional host fingerprint identification.
展开▼
